From 6a541fcbe7198e20ae39aa7c38bb324bc73ce0f4 Mon Sep 17 00:00:00 2001 From: John Lago <750845+Lagoja@users.noreply.github.com> Date: Thu, 16 Apr 2026 12:39:04 -0700 Subject: [PATCH 1/2] Bump Go from 1.24.5 to 1.26.1 to fix security vulnerabilities (#2817) Update go.mod, flake.nix (buildGo126Module), and flake.lock (nixpkgs-unstable) to resolve 1 critical and 12 high-severity CVEs in Go 1.24.5. Co-Authored-By: Claude Opus 4.6 --- flake.lock | 6 +++--- flake.nix | 2 +- go.mod | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 67cca4c108a..4cee253d4fb 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1772433332, - "narHash": "sha256-izhTDFKsg6KeVBxJS9EblGeQ8y+O8eCa6RcW874vxEc=", + "lastModified": 1776169885, + "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cf59864ef8aa2e178cccedbe2c178185b0365705", + "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 6a10551b9e1..c83e1ba03e8 100644 --- a/flake.nix +++ b/flake.nix @@ -27,7 +27,7 @@ # Run `devbox run update-flake` to update the vendor-hash vendorHash = if builtins.pathExists ./vendor-hash then builtins.readFile ./vendor-hash else ""; - buildGoModule = pkgs.buildGo125Module; + buildGoModule = pkgs.buildGo126Module; in { diff --git a/go.mod b/go.mod index 9c07311c753..5e292c99375 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module go.jetify.com/devbox -go 1.24.5 +go 1.26.1 require ( al.essio.dev/pkg/shellescape v1.6.0 From 1d3e68511c3edc9ea7105a3ee5de0e4a8f3d79c0 Mon Sep 17 00:00:00 2001 From: John Lago <750845+Lagoja@users.noreply.github.com> Date: Thu, 16 Apr 2026 12:50:08 -0700 Subject: [PATCH 2/2] devbox update --- devbox.lock | 86 ++++++++++++++++++++++++++--------------------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/devbox.lock b/devbox.lock index 709786ceec7..8c31d4cf4bd 100644 --- a/devbox.lock +++ b/devbox.lock @@ -2,174 +2,174 @@ "lockfile_version": "1", "packages": { "fd@latest": { - "last_modified": "2025-07-28T17:09:23Z", - "resolved": "github:NixOS/nixpkgs/648f70160c03151bc2121d179291337ad6bc564b#fd", + "last_modified": "2026-03-21T07:29:51Z", + "resolved": "github:NixOS/nixpkgs/09061f748ee21f68a089cd5d91ec1859cd93d0be#fd", "source": "devbox-search", - "version": "10.2.0", + "version": "10.4.2", "systems": { "aarch64-darwin": { "outputs": [ { "name": "out", - "path": "/nix/store/40nk6ri500aip6a34x8nnhr9k0ikgl8f-fd-10.2.0", + "path": "/nix/store/b87vl0i1j3w760n2s6w30r2d69j89ags-fd-10.4.2", "default": true } ], - "store_path": "/nix/store/40nk6ri500aip6a34x8nnhr9k0ikgl8f-fd-10.2.0" + "store_path": "/nix/store/b87vl0i1j3w760n2s6w30r2d69j89ags-fd-10.4.2" }, "aarch64-linux": { "outputs": [ { "name": "out", - "path": "/nix/store/f0cm3mr35dxk6ziwcarwmk5psnzklg6k-fd-10.2.0", + "path": "/nix/store/zxmq6kgqkl1zdyap0dskawvwah2sg6wy-fd-10.4.2", "default": true } ], - "store_path": "/nix/store/f0cm3mr35dxk6ziwcarwmk5psnzklg6k-fd-10.2.0" + "store_path": "/nix/store/zxmq6kgqkl1zdyap0dskawvwah2sg6wy-fd-10.4.2" }, "x86_64-darwin": { "outputs": [ { "name": "out", - "path": "/nix/store/5vqrgkgb3ishhjrjfvd08401bzj80yhl-fd-10.2.0", + "path": "/nix/store/sclrbgh1hx86s6c3d6hl1lwxrrp33j3l-fd-10.4.2", "default": true } ], - "store_path": "/nix/store/5vqrgkgb3ishhjrjfvd08401bzj80yhl-fd-10.2.0" + "store_path": "/nix/store/sclrbgh1hx86s6c3d6hl1lwxrrp33j3l-fd-10.4.2" }, "x86_64-linux": { "outputs": [ { "name": "out", - "path": "/nix/store/d8gs5vih8f1nkck5q8jrndzxzdkpsl01-fd-10.2.0", + "path": "/nix/store/836lndidk1144z81npf27c7dcgmczid3-fd-10.4.2", "default": true } ], - "store_path": "/nix/store/d8gs5vih8f1nkck5q8jrndzxzdkpsl01-fd-10.2.0" + "store_path": "/nix/store/836lndidk1144z81npf27c7dcgmczid3-fd-10.4.2" } } }, "git@latest": { - "last_modified": "2025-07-28T17:09:23Z", - "resolved": "github:NixOS/nixpkgs/648f70160c03151bc2121d179291337ad6bc564b#git", + "last_modified": "2026-03-21T07:29:51Z", + "resolved": "github:NixOS/nixpkgs/09061f748ee21f68a089cd5d91ec1859cd93d0be#git", "source": "devbox-search", - "version": "2.50.1", + "version": "2.53.0", "systems": { "aarch64-darwin": { "outputs": [ { "name": "out", - "path": "/nix/store/jn9byxgdjndngf0d2by0djg8gcdll7xc-git-2.50.1", + "path": "/nix/store/6qbj40r0s289k5slmy8yna5x2hfz01wg-git-2.53.0", "default": true }, { "name": "doc", - "path": "/nix/store/j8djmq64ckbah7bl6jv1y6arrjr0shmv-git-2.50.1-doc" + "path": "/nix/store/xp9w7bcl4c78268kn82qdayqglj0zdxa-git-2.53.0-doc" } ], - "store_path": "/nix/store/jn9byxgdjndngf0d2by0djg8gcdll7xc-git-2.50.1" + "store_path": "/nix/store/6qbj40r0s289k5slmy8yna5x2hfz01wg-git-2.53.0" }, "aarch64-linux": { "outputs": [ { "name": "out", - "path": "/nix/store/h4pvvix6pvnvys9a6y1xj2442r1ajdhl-git-2.50.1", + "path": "/nix/store/0vbb6j0ppx1w8cw28h7w8s2dzla9j3m6-git-2.53.0", "default": true }, { "name": "debug", - "path": "/nix/store/rpxnrnsn4nbx8wm9d2vrgj0fr5xzz5lg-git-2.50.1-debug" + "path": "/nix/store/gaj4q67pid2pcy9nvh2ysv4728wxj5m4-git-2.53.0-debug" }, { "name": "doc", - "path": "/nix/store/q8sicpx16gyzxnp3345a46lj4cz9wd09-git-2.50.1-doc" + "path": "/nix/store/9mrg9g0w2b4cfdppq3n4zvhkvyixvqpx-git-2.53.0-doc" } ], - "store_path": "/nix/store/h4pvvix6pvnvys9a6y1xj2442r1ajdhl-git-2.50.1" + "store_path": "/nix/store/0vbb6j0ppx1w8cw28h7w8s2dzla9j3m6-git-2.53.0" }, "x86_64-darwin": { "outputs": [ { "name": "out", - "path": "/nix/store/8d1n8cvi5x1j0v61459lvhqs26vmcqbl-git-2.50.1", + "path": "/nix/store/2q2hzaclp1rsj65h21lng7wa26vawhnq-git-2.53.0", "default": true }, { "name": "doc", - "path": "/nix/store/yn9cvbs7jz4dfdb17qralgr0ybi5rmjf-git-2.50.1-doc" + "path": "/nix/store/yi2mi426la2x7rggv0a0ah11s2dangz4-git-2.53.0-doc" } ], - "store_path": "/nix/store/8d1n8cvi5x1j0v61459lvhqs26vmcqbl-git-2.50.1" + "store_path": "/nix/store/2q2hzaclp1rsj65h21lng7wa26vawhnq-git-2.53.0" }, "x86_64-linux": { "outputs": [ { "name": "out", - "path": "/nix/store/5i8zvall945kypmwgqd0y47f02pldwp4-git-2.50.1", + "path": "/nix/store/7yvcckar1lzhqnr0xx2n19nsdjd4qa4d-git-2.53.0", "default": true }, { - "name": "doc", - "path": "/nix/store/d2lhlzkdziwmijik8nszfwp8srbkskb9-git-2.50.1-doc" + "name": "debug", + "path": "/nix/store/9xs1n97fsdbgnk8cxbdx3hqlz6fdaynb-git-2.53.0-debug" }, { - "name": "debug", - "path": "/nix/store/l46kpjpcwwp8l7kzzr1s2dlk646r73z2-git-2.50.1-debug" + "name": "doc", + "path": "/nix/store/rv7cz5lz1qmbdnh3zrpv0j0wa5ivaacq-git-2.53.0-doc" } ], - "store_path": "/nix/store/5i8zvall945kypmwgqd0y47f02pldwp4-git-2.50.1" + "store_path": "/nix/store/7yvcckar1lzhqnr0xx2n19nsdjd4qa4d-git-2.53.0" } } }, "github:NixOS/nixpkgs/nixpkgs-unstable": { - "last_modified": "2025-08-12T09:17:37Z", - "resolved": "github:NixOS/nixpkgs/372d9eeeafa5b15913201e2b92e8e539ac7c64d1?lastModified=1754990257&narHash=sha256-eEq2wlYNF2t89PsNyEv5Sz4lSxdukZCj4SdhZBVAGpI%3D" + "last_modified": "2026-04-15T12:22:54Z", + "resolved": "github:NixOS/nixpkgs/566acc07c54dc807f91625bb286cb9b321b5f42a?lastModified=1776255774&narHash=sha256-psVTpH6PK3q1htMJpmdz1hLF5pQgEshu7gQWgKO6t6Y%3D" }, "go@latest": { - "last_modified": "2026-01-23T17:20:52Z", - "resolved": "github:NixOS/nixpkgs/a1bab9e494f5f4939442a57a58d0449a109593fe#go", + "last_modified": "2026-03-21T07:29:51Z", + "resolved": "github:NixOS/nixpkgs/09061f748ee21f68a089cd5d91ec1859cd93d0be#go", "source": "devbox-search", - "version": "1.25.5", + "version": "1.26.1", "systems": { "aarch64-darwin": { "outputs": [ { "name": "out", - "path": "/nix/store/wh88zz6r1ihcp2mm7ys1f2anp8aga6n2-go-1.25.5", + "path": "/nix/store/kh43nhaz1qcpwws2xq805lrmwpmn9i3k-go-1.26.1", "default": true } ], - "store_path": "/nix/store/wh88zz6r1ihcp2mm7ys1f2anp8aga6n2-go-1.25.5" + "store_path": "/nix/store/kh43nhaz1qcpwws2xq805lrmwpmn9i3k-go-1.26.1" }, "aarch64-linux": { "outputs": [ { "name": "out", - "path": "/nix/store/k3knzdi0v21bf2m7vcxpdy1jnqg1h0zk-go-1.25.5", + "path": "/nix/store/rz1pqbm5z3zfby250i0djfmfzzj7khg9-go-1.26.1", "default": true } ], - "store_path": "/nix/store/k3knzdi0v21bf2m7vcxpdy1jnqg1h0zk-go-1.25.5" + "store_path": "/nix/store/rz1pqbm5z3zfby250i0djfmfzzj7khg9-go-1.26.1" }, "x86_64-darwin": { "outputs": [ { "name": "out", - "path": "/nix/store/bwdahzajhqd5x14dbvkqww5f1wpsxif3-go-1.25.5", + "path": "/nix/store/yv6jj27racylbfjw6a1cdr91ndxbgyf6-go-1.26.1", "default": true } ], - "store_path": "/nix/store/bwdahzajhqd5x14dbvkqww5f1wpsxif3-go-1.25.5" + "store_path": "/nix/store/yv6jj27racylbfjw6a1cdr91ndxbgyf6-go-1.26.1" }, "x86_64-linux": { "outputs": [ { "name": "out", - "path": "/nix/store/zzvsjgylnphvhms3lgr2qlwdxmc68z66-go-1.25.5", + "path": "/nix/store/ckcq2mj8zk0drhaaacy6mp9d924hnr4m-go-1.26.1", "default": true } ], - "store_path": "/nix/store/zzvsjgylnphvhms3lgr2qlwdxmc68z66-go-1.25.5" + "store_path": "/nix/store/ckcq2mj8zk0drhaaacy6mp9d924hnr4m-go-1.26.1" } } }